An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules
References
Link | Resource |
---|---|
http://www.iwantacve.cn/index.php/archives/116/ | Exploit Third Party Advisory |
http://www.iwantacve.cn/index.php/archives/116/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.iwantacve.cn/index.php/archives/116/ - Exploit, Third Party Advisory |
07 Nov 2023, 03:13
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules |
Information
Published : 2019-02-23 18:29
Updated : 2024-11-21 04:50
NVD link : CVE-2019-9042
Mitre link : CVE-2019-9042
CVE.ORG link : CVE-2019-9042
JSON object : View
Products Affected
sitemagic
- sitemagic_cms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type